Security Of Computer Systems Research Articles

Malware Classification Using Few-Shot Learning Approach

Malware detection, targeting the microarchitecture of processors, has recently come to light as a potentially effective way to improve computer system security. Hardware Performance Counter data are used by machine learning algorithms in security mechanisms, such as hardware-based malware detection, to categorize and detect malware. It is crucial to determine whether or not a file contains malware. Many issues have been brought about by the rise in malware, and businesses are losing vital data and dealing with other issues. The second thing to keep in mind is that malware can quickly cause a lot of damage to a system by slowing it down and encrypting a large amount of data on a personal computer. This study provides extensive details on a flexible framework related to machine learning and deep learning techniques using few-shot learning. Malware detection is possible using DT, RF, LR, SVM, and FSL techniques. The logic is that these algorithms make it simple to differentiate between files that are malware-free and those that are not. This indicates that their goal is to reduce the number of false positives in the data. For this, we use two different datasets from an online platform. In this research work, we mainly focus on few-shot learning techniques by using two different datasets. The proposed model has an 97% accuracy rate, which is much greater than that of other techniques.

Exploring the ALNS method for improved cybersecurity: A deep learning approach for attack detection in IoT and IIoT environments

With the emergence of the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), the flow of data across the world is experiencing a rapid expansion. Unfortunately, this exponential growth is accompanied by a proportional increase in cyber threats, jeopardizing the security and integrity of computer systems. In this context, intrusion detection becomes a necessity to protect networks and systems against potential attacks, ensuring their proper functioning and reliability. In this paper, we propose a deep learning-based model for attack detection. This model utilizes a convolutional neural network to train the datasets, which are first cleaned and preprocessed. The model inputs are selected using an optimization method called adaptive large neighborhood search. The results obtained for the four datasets used - CICIDS2017, Edge-IIoTset, ToN-IoT windows7, and ToN-IoT windows10 - demonstrate the model’s effectiveness for both multi-class and binary classification cases. In the binary case, the accuracy reaches 99.85%, 100%, 99.97%, and 100%, respectively, and in the multi-class case, it stands at 99.81%, 94.98%, 99.92%, and 99.84%, respectively.

Hierarchical Perception for Encrypted Traffic Classification via Class Incremental Learning

The rapid evolution of internet technology has resulted in an ongoing update of the types of encrypted network traffic. Therefore, efficient Encrypted Traffic Classification (ETC) is of significant importance for the security of user data and computer systems. Incremental Learning (IL) strategies for ETC methods allow them to evolve with the network environment, achieving remarkable results in real-world scenarios. However, existing IL frameworks for ETC tasks face issues of low computational efficiency and insufficient incremental capability, making it difficult to achieve satisfactory performance. In this work, we introduce an incremental ETC scheme, HCA-Net, which uses hierarchical perception to evolve with traffic flows. We design a feature-reweighted Depthwise separable convolution that ensures computational efficiency without compromising feature extraction capabilities. Additionally, our IL framework comprises a carefully constructed contrastive loss and a representative exemplar selection strategy, enabling the distillation of knowledge from learning old traffic categories to the parameters of learning new knowledge, mitigating the inevitable catastrophic forgetting problem in IL methods. Comprehensive experimental results on three public datasets show that our scheme outperforms the state-of-the-art methods, demonstrating exceptional performance in ETC tasks. By acquiring specific traffic samples at each training stage, our approach achieves incremental ETC, showcasing robust incremental capability and computational efficiency.

An Evaluation of the Security of Bare Machine Computing (BMC) Systems against Cybersecurity Attacks

The Internet has become the primary vehicle for doing almost everything online, and smartphones are needed for almost everyone to live their daily lives. As a result, cybersecurity is a top priority in today’s world. As Internet usage has grown exponentially with billions of users and the proliferation of Internet of Things (IoT) devices, cybersecurity has become a cat-and-mouse game between attackers and defenders. Cyberattacks on systems are commonplace, and defense mechanisms are continually updated to prevent them. Based on a literature review of cybersecurity vulnerabilities, attacks, and preventive measures, we find that cybersecurity problems are rooted in computer system architectures, operating systems, network protocols, design options, heterogeneity, complexity, evolution, open systems, open-source software vulnerabilities, user convenience, ease of Internet access, global users, advertisements, business needs, and the global market. We investigate common cybersecurity vulnerabilities and find that the bare machine computing (BMC) paradigm is a possible solution to address and eliminate their root causes at many levels. We study 22 common cyberattacks, identify their root causes, and investigate preventive mechanisms currently used to address them. We compare conventional and bare machine characteristics and evaluate the BMC paradigm and its applications with respect to these attacks. Our study finds that BMC applications are resilient to most cyberattacks, except for a few physical attacks. We also find that BMC applications have inherent security at all computer and information system levels. Further research is needed to validate the security strengths of BMC systems and applications.

Identification of digital device hardware vulnerabilities based on scanning systems and semi-natural modeling

Objectives. The development of computer technology and information systems requires the consideration of issues of their security, various methods for detecting hardware vulnerabilities of digital device components, as well as protection against unauthorized access. An important aspect of this problem is to study existing methods for the possibility and ability to identify hardware errors or search for errors on the corresponding models. The aim of this work is to develop approaches, tools and technology for detecting vulnerabilities in hardware at an early design stage, and to create a methodology for their detection and risk assessment, leading to recommendations for ensuring security at all stages of the computer systems development process.Methods. Methods of semi-natural modeling, comparison and identification of hardware vulnerabilities, and stress testing to identify vulnerabilities were used.Results. Methods are proposed for detecting and protecting against hardware vulnerabilities: a critical aspect in ensuring the security of computer systems. In order to detect vulnerabilities in hardware, methods of port scanning, analysis of communication protocols and device diagnostics are used. The possible locations of hardware vulnerabilities and their variations are identified. The attributes of hardware vulnerabilities and risks are also described. In order to detect vulnerabilities in hardware at an early design stage, a special semi-natural simulation stand was developed. A scanning algorithm using the Remote Bitbang protocol is proposed to enable data to be transferred between OpenOCD and a device connected to the debug port. Based on scanning control, a verification method was developed to compare a behavioral model with a standard. Recommendations for ensuring security at all stages of the computer systems development process are provided.Conclusions. This paper proposes new technical solutions for detecting vulnerabilities in hardware, based on methods such as FPGA system scanning, semi-natural modeling, virtual model verification, communication protocol analysis and device diagnostics. The use of the algorithms and methods thus developed will allow developers to take the necessary measures to eliminate hardware vulnerabilities and prevent possible harmful effects at all stages of the design process of computer devices and information systems.

Penetration Testing and Attack Automation Simulation: Deep Reinforcement Learning Approach

In this research, we propose a revolutionary deep reinforcement learning-based methodology for automated penetration testing. The suggested method uses a deep Q-learning network to develop attack sequences that effectively exploit weaknesses in a target system. The method is tested in a virtual environment, and the findings indicate that it can identify vulnerabilities that manual penetration testing is unable to. A variety of tools, including Deep Q-learning network, MulVAL, Nmap, VirtualBox, Docker, National Vulnerability Database (NVD), and Common Vulnerability Scoring System (CVSS), are used in this work. The suggested method significantly outperforms current automated penetration testing methods. Our proposed methodology can detect flaws that manual penetration testing misses and can be modified (in terms of penalty values) to adapt to the updates of the target system (network) changes. Additionally, it has the potential to greatly enhance penetration testing's effectiveness and efficiency and could contribute to the increased security of computer systems. Experimental tests conducted in this work reveal the effectiveness of DQN automated penetration testing by utilizing the most effective attack vectors in the attack automation process

A Survey on Malware Detection and Analysis

Malware, or malicious software, poses a significant threat to the security and functionality of computer systems globally. This survey provides a comprehensive analysis of current malware detection and analysis methods, focusing on data mining methodologies. The study categorizes malware detection techniques into signature-based and behaviour-based approaches, highlighting their respective strengths and weaknesses. It explores heuristic techniques enhanced by artificial intelligence, including neural networks and genetic algorithms, to improve detection accuracy. The literature review examines host-based and network-based intrusion detection systems, hybrid systems, and virtual machine introspection. The paper also discusses static and dynamic analysis methods, emphasizing the importance of analysing malware in controlled environments. Through detailed examination, this survey aims to present a thorough understanding of contemporary malware detection strategies and their applications, offering insights for future advancements in the field.

A sequential deep learning framework for a robust and resilient network intrusion detection system

Ensuring the security and integrity of computer and network systems is of utmost importance in today’s digital landscape. Network intrusion detection systems (NIDS) play a critical role in continuously monitoring network traffic and identifying unauthorized or potentially malicious activities that could compromise the confidentiality, availability, and integrity of these systems. However, traditional NIDS face a daunting challenge in effectively adapting to the evolving tactics of cyber attackers. To address this challenge, we propose a multistage artificial intelligence enabled framework for intrusion detection in network traffic, capable of handling zero-day, out-of-distribution, and adversarial evasion attacks. Our framework comprises three sequential deep neural network (DNN) architectures: one for the classifier and two for specific autoencoders, designed to effectively detect both known attack patterns and novel, previously unseen samples. We introduce an innovative transfer learning technique where specific combinations of neurons and layers in the DNN architectures are frozen during one-shot learning to enhance the framework’s robustness to novel attacks. To validate the effectiveness of our framework, we conducted extensive experimentation using publicly available benchmark intrusion detection data sets. Leveraging the one-shot learning approach in the transfer learning component of the framework, we demonstrate continuous improvement in detection accuracy for both known and novel network traffic patterns. The results demonstrate the effectiveness of the multiple stages in the framework by achieving, on average, 98.5% accuracy in detecting various attacks.

Data Science in Cybersecurity to Detect Malware-Based Domain Generation Algorithm: Improvement, Challenges, and Prospects

Nowadays, the malware communicates with command and control servers using domains generated algorithmically. Domain generation algorithms ( DGAs) are continually evolving, which degrades the accuracy of the existing methods calls for the continuous tracking of how DGAs develop and their detection methods and calls for a good evaluation of the stage to open horizons for new detection methods. Data science plays a key role in cybersecurity by providing methods for detecting and analyzing network traffic data, including DGAs, and helping to improve the overall security of computer systems and networks. It can also be used to analyze large datasets of domain names and to develop and optimize solutions for DGA detection, by applying techniques such as machine learning, deep learning, and genetic algorithms, which have shown their effectiveness in detecting new and unknown DGAs. This paper reviews the role of data science in cybersecurity systems to detect DGAs. Hence, it also brings together publicly available domain name datasets and data science techniques utilized in recent DGA detection systems to highlight current issues and potential directions. This article additionally explains issues related to DGA detection. This will assist researchers in improving the current DGA detection algorithms as well as creating new powerful models.

Classification of Malware Images Using Fine-Tunned ViT

Malware detection and classification have become critical tasks in ensuring the security and integrity of computer systems and networks. Traditional methods of malware analysis often rely on signature-based approaches, which struggle to cope with the ever-evolving landscape of malware variants. In recent years, deep learning techniques have shown promising results in automating the process of malware classification. This paper presents a novel approach to malware image classification using the Vision Transformer (ViT) architecture. In this work, we adapt the ViT model to the domain of malware analysis by representing malware images as input tokens to the ViT architecture. To evaluate the effectiveness of the proposed approach, we used a comprehensive dataset comprising 14,226 malware samples across 26 families. We compare the performance of our ViT-based classifier with traditional machine learning methods and other deep learning architectures. Our experimental results showcase the potential of the ViT in handling malware images, achieving a classification accuracy of 98.80%. The presented approach establishes a strong foundation for further research in utilizing state-of-the-art deep learning architectures for enhanced malware analysis and detection techniques.

Triboelectric sensor-empowered intelligent mouse combined with machine learning technology strides toward a computer security system

The computer mouse is one of the most common tools used for human-machine interfacing. The human behavior studying by click operation using an intelligent mouse and related security identification of computers remains a great challenge. Here, we develop an intelligent mouse embedded with a contact-separation adaptable triboelectric sensor based on the intrinsic mouse button click operation. With the unique characteristics of different individuals who use the intelligent mouse and machine learning algorithms, an identity recognition system was designed. Through processes such as signal processing, feature extraction, and model training, high-accuracy (98.4 %) identification of different individuals based on the signals from the embedded triboelectric sensor in the mouse was achieved. In addition, we have developed a security alarm system for detecting unauthorized users operating the computer, and successfully validated the practicality of this system. A system for monitoring user behaviors while operating the computer has been designed to meet the monitoring needs of user computer usage states. This system can monitor users' gaming, working, or studying states, while effectively protecting users' privacy. In general, this work reveals a new strategy for security identification of computers which can be potentially applied in cyber and information security.

A hybrid approach for malware detection in SDN‐enabled IoT scenarios

AbstractMalware presents a significant threat to computer systems security, especially in ARM and MIPS architectures, driven by the rise of the internet of things (IoT). This paper introduces Heimdall, a hybrid approach that integrates YARA signatures and machine learning in programmable switches for efficient malware detection in SDN‐enabled IoT environments. The machine learning classifier achieved an accuracy of 99.33% against the IoT‐23 dataset. When evaluated in an emulated environment with real malware samples, Heimdall exhibits a 98.44% detection rate and an average processing time of 0.0217 s.

Special Section on Emerging Topics in Hardware Computing Systems Security

Special Section on Emerging Topics in Hardware Computing Systems Security

CuMONITOR: Continuous Monitoring of Microarchitecture for Software Task Identification and Classification

The interactions between software and hardware are increasingly important to computer system security. This research collected microprocessor control signal sequences to develop machine learning models that identify software tasks. In contrast with prior work that relies on hardware performance counters to collect data for task identification, this research is based on creating additional digital logic to record sequences of control signals inside a processor’s microarchitecture. The proposed approach considers software task identification in hardware as a general problem, with attacks treated as a subset of software tasks. Three lines of effort are presented. First, a data collection approach is described to extract sequences of control signals labeled by task identity during actual (i.e., non-simulated) system operation. Second, experimental design selects hardware and software configurations to train and evaluate machine learning models. The machine learning models significantly outperform a naïve classifier based on Euclidean distances from class means. Various experiment configurations produced a range of balanced accuracy scores. Third, task classification is addressed using decision boundaries defined with thresholds chosen by an optimization strategy to develop non-neural network classifiers. When implemented in hardware, the non-neural network classifiers could require less digital logic to implement compared to neural network models.

Enhanced Cloud Computing Security Using Application-Based Multi-Factor Authentication (MFA) for Communication Systems

The objective of this study is to create an advanced cloud computing security system that addresses the security vulnerabilities inherent in existing authentication processes in communication systems. Specifically, the study developed an application-based multi-layer and multi-factor authentication (MFA) program that enhances cloud security measures. The system presented an improved approach to cloud computing security through the implementation of application-based multi-factor authentication (MFA). By leveraging encryption techniques, the system guarantees secure access based on user profiles. These profiles consist of valid usernames, passwords, and token numbers generated by the application. In addition, the system enhances security by integrating the Time-based One-Time Password (TOTP) algorithm (IETF RFC 6238) with location checks, augmenting the overall protection measures. A thorough testing procedure was carried out on the system, with a specific focus on a test web application hosted on the cloud server. The result validated the efficacy of all three authentication factors integrated within the application.

Employing Incremental Learning for the Detection of Multiclass New Malware Variants

Background/Objectives: The study aims to achieve two main objectives. The first is to reliably identify and categorize malware variations to maintain the security of computer systems. Malware poses a continuous threat to digital information and system integrity, hence the need for effective detection tools. The second objective is to propose a new incremental learning method. This method is designed to adapt over time, continually incorporating new data, which is crucial for identifying and managing multiclass malware variants. Methods: This study utilised an incremental learning technique as the basis of the approach, a type of machine learning whereby a system retains previous knowledge and builds upon the information from the newly acquired data. Particularly, this method is suitable for tackling mutating character of malware dangers. The researchers used various sets of actual world malwares for evaluating the applicability of these ideas which serves as an accurate test environment. Findings: The findings of the research are significant. We utilizing 6 different datasets, which included 158,101 benign and malicious instances, the method demonstrated a high attack detection accuracy of 99.34%. Moreover, the study was successful in identifying a new category of malware variants and distinguishing between 15 different attack categories. These results underscore the effectiveness of the proposed incremental learning method in a real-world scenario. Novelty: This research is unique because of the novel use of a tailored incremental learning technique for dealing with dynamic threat environment of malwares. However, with a new threat they cannot be so well adapted using traditional machine learning methods. On the other hand, the technique put forward in this paper facilitates continuous learning that can be modified to match different types of malicious software as they develop. The ability to evolve and adapt is an important addition to current cybersecurity practices that include malware identification and classification. Keywords: Cybersecurity, Malware Detection, Incremental learning

Preliminary Experiments of a Real-World Authentication Mechanism Based on Facial Recognition and Fully Homomorphic Encryption

In the current context in which user authentication is the first line of defense against emerging attacks and can be considered a defining element of any security infrastructure, the need to adopt alternative, non-invasive, contactless, and scalable authentication mechanisms is mandatory. This paper presents initial research on the design, implementation, and evaluation of a multi-factor authentication mechanism that combines facial recognition with a fully homomorphic encryption algorithm. The goal is to minimize the risk of unauthorized access and uphold user confidentiality and integrity. The proposed device is implemented on the latest version of the Raspberry Pi and Arduino ESP 32 modules, which are wirelessly connected to the computer system. Additionally, a comprehensive evaluation, utilizing various statistical parameters, demonstrates the performance, the limitations of the encryption algorithms proposed to secure the biometric database, and also the security implications over the system resources. The research results illustrate that the Brakerski–Gentry–Vaikuntanathan algorithm can achieve higher performance and efficiency when compared to the Brakerski–Fan–Vercauteren algorithm, and proved to be the best alternative for the designed mechanism because it effectively enhances the level of security in computer systems, showing promise for deployment and seamless integration into real-world scenarios of network architectures.

Виктимологические аспекты использования искусственного интеллекта в предупреждении преступности

The relevance of the use of artificial intelligence in crime prevention is shown. Victimological foundations and possibilities of using artificial intelligence are presented. The definition of the concept “victimological aspects of the use of artificial intelligence in crime prevention” is proposed. The basics of the use of computer security systems in crime prevention are revealed. Possible errors in the process of using artificial intelligence in crime prevention are considered. The importance of interdisciplinary study of the use of artificial intelligence in crime prevention is determined. The obtained research results can be taken into account and used in the introduction of new forms of artificial intelligence in crime prevention, as well as in the development and analysis of new scientific topics in criminology, criminal law and information systems.

Comparison of Support Vector Machine and Random Forest Method on Static Analysis Windows Portable Executable (PE) Malware Detection

Malware has emerged as a significant concern for computer system security, as it spreads rapidly and adversely affects system performance. Detecting malware has become crucial, and one of the methods utilized is Machine Learning classification, which learns the characteristics of an application without executing it. In this study, the author evaluates the efficacy of malware detection in the static analysis of Windows Portable Executable (PE) files using the Support Vector Machine (SVM) and Random Forest algorithms. The author employs a dataset containing both malware-related PE files and safe applications to train the SVM and Random Forest models to classify PE files as either malware or safe. The objective is to determine the most effective machine learning algorithm for malware detection in PE files. The research compares the performance of both algorithms to identify the superior one for malware detection. The results indicate that the Random Forest algorithm achieves an impressive accuracy of 98.53%, while the SVM algorithm performs slightly lower with an accuracy of 97.14%.

Artificial Intelligence based Intrusion Detection System – A Detailed Survey

The Internet and communications have rapidly expanded, leading to a significant rise in data generation and heterogeneity. Intrusion detection systems play a crucial role in ensuring the security and integrity of computer systems. These systems have been developed by researchers, academicians, and practitioners to effectively detect and mitigate network attacks. Intrusion detection systems are designed to analyze network traffic and compare it with a baseline of normal behavior, allowing them to identify any deviations or inconsistencies that may indicate an intrusion. Furthermore, the cooperative and distributed architecture of intrusion detection systems enables them to effectively detect attacks and protect the network from unauthorized access. Additionally, to enhance the performance of intrusion detection systems, techniques such as resampling the dataset and utilizing classifier ensemble are used to improve the classification accuracy. Moreover, intrusion detection systems have been integrated with intrusion response systems to ensure a timely and effective response to detected attacks. AI-based Intrusion Detection Systems have emerged as a crucial tool in ensuring network security and combating cyber threats. These systems utilize artificial intelligence algorithms to analyze network traffic, identify patterns of malicious activity, and detect potential cyber-attacks. They have proven to be highly effective in improving the detection accuracy, reducing false alarms, and even detecting previously unknown types of attacks. In summary, the development of accurate and efficient intrusion detection systems is crucial for ensuring network security. In today’s rapidly changing world, the significance of accurate intrusion detection systems cannot be overstated.